Skip to content

chore(OSSF): update token permissions to improve ossf scorecard #1642

chore(OSSF): update token permissions to improve ossf scorecard

chore(OSSF): update token permissions to improve ossf scorecard #1642

Workflow file for this run

# ---
# name: Release
# on:
# workflow_dispatch:
# push:
# branches:
# - main
# paths:
# - 'src/**'
# - 'test/**'
# - 'scripts/**'
# - 'public/**'
# - 'packages/**'
# - 'package.json'
# - 'package-lock.json'
# permissions:
# contents: read
# jobs:
# create_github_release:
# outputs:
# full-tag: ${{ steps.release-drafter.outputs.tag_name }}
# short-tag: ${{ steps.get_tag_name.outputs.SHORT_TAG }}
# body: ${{ steps.release-drafter.outputs.body }}
# runs-on: ubuntu-latest
# permissions:
# contents: write
# pull-requests: read
# steps:
# - uses: release-drafter/release-drafter@v6
# id: release-drafter
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# publish: true
# - name: Get the short tag
# id: get_tag_name
# run: |
# short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1)
# echo "SHORT_TAG=$short_tag" >> $GITHUB_OUTPUT
# create_npm_release:
# needs: create_github_release
# runs-on: ubuntu-latest
# permissions:
# packages: write
# env:
# REGISTRY: ghcr.io
# IMAGE_NAME: ${{ github.repository }}
# steps:
# - uses: actions/checkout@8459bc0 # v4
# - uses: actions/setup-node@c2ac33f # v4, Setup .npmrc file to publish to npm
# with:
# node-version: '18.x'
# registry-url: 'https://registry.npmjs.org'
# - run: npm ci
# - run: npm publish --access=public
# env:
# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}